The future is insecure

INSECURE DATA can be added to the list of life's certainties along with death and taxes following the rise of the hacker collective called Anonymous and the admission by the US government's premier computer security organisation, the National Security Agency, that nothing is secure.

While Anonymous failed to bring down Paypal, only knocking the blog offline, the widespread susceptibility of websites of major organisations that underpin the economy is something that is never going to go away.

Even the promise of quantum computing cryptography, where nothing truly exists it is only ever probabilities, has been undermined by the revelation that an early prototype has been hacked. Deliberately as a test we should add.

However any hope that greater computing power will lead to ever more sophisticated security systems that can repel hackers must now be said to be a dead and forlorn hope that never had any realistic prospect of ever coming true.

One glaring hole that was always going to undermine even quantum security was the human being. Laziness, incompetence, greed or pure spite, one of these common traits of humanity was always going to find someone on the inside of any security system ready to do ill.

The apparent high value of personal data that would be seen as mundane by many has driven the business model of Facebook. The largest database of human beings' locations, ages, interests and lists of family and associates outside of government welfare and police computers has utterely failed to protect its customers.

Not that governments are much better. The UK's Information Commissioner 's Office (ICO) regularly posts announcements about data breaches by one part of the government or another. Only recently has the ICO been given the power to fine organisations that have data breaches. Yet our data has been computerised by governments and corporations for at least a generation.

Back in the corporate world the business models appear to be tilted against consumer and citizen rights and in favour of marketers that crave personal data.

With Google's Eric Schmidt questioning whether privacy is even still relevant and Microsoft's Steve Bullmer declaring that his son is happy to be tracked if he can get paid for it, a future world of consumers under the microscope for cash beckons.

We have all become aware of the phrase credit rating. We all have one because financial institutions trust no one and our private data is used to create a profile of each and every one of us, whether we have a mortgage or loan or not, for the use of the corporate world.

Yet these companies, whose security should be better than most because of their financial clients, still lose our data and then we find that organised crime has tried to apply for a credit card in our name.

The reality of the world's computer and network systems is that it's entirely down to random chance as to whether your data will be secure, will be exploited by others for profit, will find its way to organised crime or will see you registered as a person of interest by government agencies. Oddly, we are back to probability again.

That conclusion rasies a question, what market mechanism is there that would actually reinforce privacy of data? Consumers not using an organisaton's services for fear of data loss would be the easy answer, but it is not so simple when every organisation is insecure.

The harsh truth is that there is no market mechanism, no profit motive in keeping someone's data secure, even for the insecurity software companies, because all companies want to know about who their actual and potential customers are.

One wonders if there will come a time when certain systems underpinning our world economy will simply be closed with only a handful of access points that are basically punch card operations in nature. Such a specialist method of access would restrict the number that could do anything to so few persons that the human element of security might not be its weakest link. For the individual there is always the option of minimising their online presence. Is the past the future of security? µ